Use asprintf instead of sprintf, use xmalloc instead of malloc.

Return values were allocated dynamically but never freed, this
caused memory leaks if authentication functions were called more
than once. Made them static, so that they get reallocated at each
new invocation of getM functions, thus reclaming lost storage.

Made <config.h> the first file to be included and guard it with
#ifdef HAVE_CONFIG_H

Reindented text to conform to GNU coding style.

+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
 #include <stdio.h>
 #include <stdlib.h>
 #include <pwd.h>
 
-#include <config.h>
 
 #ifdef HAVE_MYSQL
 
@@ -13,105 +15,130 @@
 #include <mysql/mysql.h>
 #include "MySql.h"
 
-struct passwd *getMpwnam (const char *username)
-{
-	char QueryStr[1024];
-	MYSQL *m;
-	MYSQL_RES *res;
-	MYSQL_ROW row;
-	struct passwd *tpw;
-
-	m = mysql_init(0);
-
-        if (!m)
-		return(NULL);
-
-	if (!mysql_real_connect(m, NULL, MUSER, MPASS, MDB, 0, NULL, 0))
-		return(NULL);
-
-	memset((char *)QueryStr, '\0', 1024);
-
-	sprintf(QueryStr, "select %s,%s,%s,%s,%s from %s where %s = '%s'", Mpassword, Muid, Mgid, Mhomedir, Mshell, Mtable, Musername, username);
-
-	if (mysql_query(m, QueryStr) != 0)
-		return(NULL);
-
-	if ((res = mysql_store_result(m)) == NULL)
-		return(NULL);
-
-	if ((row = mysql_fetch_row(res)) == NULL)
-		return(NULL);
+extern void *xmalloc (size_t);
 
-	tpw = (struct passwd *)malloc(sizeof(struct passwd));
-	
-	tpw->pw_name = malloc(strlen(username)+1);
-	strcpy(tpw->pw_name, username);
-
-	tpw->pw_passwd = malloc(strlen(row[0])+1);
-	strcpy(tpw->pw_passwd, row[0]);
-
-	tpw->pw_uid = atoi(row[1]);
-	tpw->pw_gid = atoi(row[2]);
+struct passwd *
+getMpwnam (const char *username)
+{
+  char *QueryStr = NULL;
+  MYSQL *m;
+  MYSQL_RES *res;
+  MYSQL_ROW row;
+  static struct passwd *tpw;
+
+  if (tpw)
+    {
+      free (tpw->pw_name);
+      free (tpw->pw_passwd);
+      free (tpw->pw_gecos);
+      free (tpw->pw_dir);
+      free (tpw->pw_shell);
+    }
+      
+  m = mysql_init (0);
+
+  if (!m)
+    return NULL;
+
+  if (!mysql_real_connect (m, NULL, MUSER, MPASS, MDB, 0, NULL, 0))
+    return NULL;
+
+  asprintf (&QueryStr,
+	   "select %s,%s,%s,%s,%s from %s where %s = '%s'",
+	   Mpassword, Muid, Mgid, Mhomedir, Mshell, Mtable,
+	   Musername, username);
+
+  if (!QueryStr)
+    return NULL;
+  
+  if (mysql_query (m, QueryStr) != 0)
+    return NULL;
+
+  if ((res = mysql_store_result (m)) == NULL)
+    return NULL;
+
+  if ((row = mysql_fetch_row (res)) == NULL)
+    return NULL;
+
+  if (!tpw)
+    tpw = (struct passwd *)xmalloc (sizeof (struct passwd));
+  tpw->pw_name = xmalloc (strlen (username)+1);
+  strcpy (tpw->pw_name, username);
+
+  tpw->pw_passwd = xmalloc (strlen (row[0])+1);
+  strcpy (tpw->pw_passwd, row[0]);
+
+  tpw->pw_uid = atoi (row[1]);
+  tpw->pw_gid = atoi (row[2]);
 	
-	tpw->pw_gecos = malloc(strlen("Mysql User")+1);
-	strcpy(tpw->pw_gecos, "Mysql User");
+  tpw->pw_gecos = xmalloc (strlen ("Mysql User")+1);
+  strcpy (tpw->pw_gecos, "Mysql User");
 
-	tpw->pw_dir = malloc(strlen(row[3])+1);
-	strcpy(tpw->pw_dir, row[3]);
+  tpw->pw_dir = xmalloc (strlen (row[3])+1);
+  strcpy (tpw->pw_dir, row[3]);
 
-	tpw->pw_shell = malloc(strlen(row[4])+1);
-	strcpy(tpw->pw_shell, row[4]);
+  tpw->pw_shell = xmalloc (strlen (row[4])+1);
+  strcpy (tpw->pw_shell, row[4]);
 	
-	mysql_free_result(res);	
-	return(tpw);
+  mysql_free_result (res);	
+  return tpw;
 }
 
 
 #ifdef HAVE_SHADOW_H
 
-struct spwd *getMspnam (const char *username)
+struct spwd *
+getMspnam (const char *username)
 {
-	char QueryStr[1024];
-	MYSQL *m;
-	MYSQL_RES *res;
-	MYSQL_ROW row;
-	struct spwd *tpw;
-
-	m = mysql_init(0);
-
-        if (!m)
-		return(NULL);
-
-	if (!mysql_real_connect(m, NULL, MUSER, MPASS, MDB, 0, NULL, 0))
-		return(NULL);
-
-	memset((char *)QueryStr, '\0', 1024);
-	sprintf(QueryStr, "select %s from %s where %s = '%s'", Mpassword, Mtable, Musername, username);
-
-	if (mysql_query(m, QueryStr) != 0)
-		return(NULL);
+  char *QueryStr = NULL;
+  MYSQL *m;
+  MYSQL_RES *res;
+  MYSQL_ROW row;
+  static struct spwd *tpw;
+
+  if (tpw)
+    {
+      free (tpw->sp_namp);
+      free (tpw->sp_pwdp);
+    }
+      
+  m = mysql_init (0);
+
+  if (!m)
+    return NULL;
+  
+  if (!mysql_real_connect (m, NULL, MUSER, MPASS, MDB, 0, NULL, 0))
+    return NULL;
+
+  asprintf (&QueryStr,
+	   "select %s from %s where %s = '%s'",
+	   Mpassword, Mtable, Musername, username);
+
+  if (mysql_query (m, QueryStr) != 0)
+    return NULL;
 	 
-	if ((res = mysql_store_result(m)) == NULL)
-		return(NULL);
+  if ((res = mysql_store_result (m)) == NULL)
+    return NULL;
 
-	if ((row = mysql_fetch_row(res)) == NULL)
-		return(NULL);
+  if ((row = mysql_fetch_row (res)) == NULL)
+    return NULL;
 
-	tpw = (struct spwd *)malloc(sizeof(struct spwd));
+  if (!tpw)
+    tpw = (struct spwd *)xmalloc (sizeof (struct spwd));
 	
-	tpw->sp_namp = malloc(strlen(username)+1);
-	strcpy(tpw->sp_namp, username);
+  tpw->sp_namp = xmalloc (strlen (username)+1);
+  strcpy (tpw->sp_namp, username);
 
-	tpw->sp_pwdp = malloc(strlen(row[0])+1);
-	strcpy(tpw->sp_pwdp, row[0]);
+  tpw->sp_pwdp = xmalloc (strlen (row[0])+1);
+  strcpy (tpw->sp_pwdp, row[0]);
 
-	tpw->sp_lstchg = 11428;
-	tpw->sp_min = 0;
-	tpw->sp_max = 99999;
-	tpw->sp_warn = 7;
+  tpw->sp_lstchg = 11428;
+  tpw->sp_min = 0;
+  tpw->sp_max = 99999;
+  tpw->sp_warn = 7;
 
-	mysql_free_result(res);	
-	return(tpw);
+  mysql_free_result (res);	
+  return tpw;
 }
 
 #endif /* HAVE_SHADOW_H */